terraform {
  required_providers {
    minio = {
      source = "aminueza/minio"
      version = "~> 2.5.0"
    }
  }
}

provider "minio" {
  minio_server = "localhost:9123"
  minio_region = "eu-central-1"
  minio_user = data.vault_kv_secret_v2.minio_creds.data["access_key"]
  minio_password = data.vault_kv_secret_v2.minio_creds.data["secret_key"]
}

resource "minio_s3_bucket" "platform" {
  depends_on = [data.vault_kv_secret_v2.minio_creds]
  bucket = "platform"
  acl = "private"
}

resource "minio_iam_user" "platform" {
  depends_on = [data.vault_kv_secret_v2.minio_creds]
  name = "platform"
}

resource "minio_iam_policy" "platform" {
  depends_on = [minio_s3_bucket.platform]
  name = "platform-policy"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = ["s3:GetObject", "s3:PutObject"]
        Resource = ["arn:aws:s3:::platform/*"]
      }
    ]
  })
}

resource "minio_iam_user_policy_attachment" "policy_attachment" {
  depends_on = [minio_iam_user.platform, minio_iam_policy.platform]
  user_name   = minio_iam_user.platform.name
  policy_name = minio_iam_policy.platform.name
}